similar to: ldbsearch performance and tuning...

Displaying 20 results from an estimated 10000 matches similar to: "ldbsearch performance and tuning..."

2018 Aug 29
2
ldbsearch performance and tuning...
Mandi! Andrew Bartlett via samba In chel di` si favelave... > > I'm still on samba4.5, sorry me. > Fix that first. Eh... i hope on this year. > > I've done some (bash) scripting around ldbsearch, but i've found some > > performance and 'lock' trouble. > Correct, Samba before 4.7 has very poor unindexed search performance, > due to a bug.  OK.
2018 Aug 29
0
ldbsearch performance and tuning...
On Wed, 29 Aug 2018 10:39:20 +0200 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Andrew Bartlett via samba > In chel di` si favelave... > > > > I'm still on samba4.5, sorry me. > > Fix that first. > > Eh... i hope on this year. From that, it looks like you mean later this year, I would update as soon as 4.9.0 comes out. > >
2019 Mar 27
5
samba 4.9.5 - joining Samba DC to existing Samba AD failed (ldbsearch has not -U and -V)
On Wed, 27 Mar 2019 13:00:42 +0100 Franta Hanzlík <franta at hanzlici.cz> wrote: > Yes, is no difference between '-UAdministrator' and '-U > Administrator'. But it seems, as ldbsearch in 4.9.5 is different than > 4.9.4-. (I was furious with that, because I found lot articles on > net, where -U _username_ was stated. > > My ldbsearch is from pure
2020 Aug 24
5
accessing foreign AD users to NT domain
Mandi! Rowland penny via samba In chel di` si favelave... > Who was this 'someone' ? [...] > Yes, stop listening to spurious people who have never done the upgrade and > follow our documentation ;-) I'm 'someone'! ;-) And, as you know, i've correctly migrated/merged 4 NT domains in an AD domain some year ago, following also hint from this list. ;-) > I
2019 Mar 29
2
samba 4.9.5 - joining Samba DC to existing Samba AD failed (ldbsearch has not -U and -V)
On Fri, 29 Mar 2019 09:28:37 +0100 Franta Hanzlík <franta at hanzlici.cz> wrote: > On Wed, 27 Mar 2019 13:11:08 +0000 > Rowland Penny via samba <samba at lists.samba.org> wrote: > > > On Wed, 27 Mar 2019 13:00:42 +0100 > > Franta Hanzlík <franta at hanzlici.cz> wrote: > > > > > Yes, is no difference between '-UAdministrator' and
2019 Dec 04
2
Account locked and delayed user data propagation...
Mandi! Rowland penny via samba In chel di` si favelave... > If you go here: http://www.selfadsi.org/extended-ad/user-unlock.htm > It says: So, seems to me that 'Lockout-Duration' is an 'unused option'... -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via
2019 Nov 15
3
Account locked and delayed user data propagation...
I need to do some testing, but before to hit by head on a known wall, i ask here. My AD domain get used (via PAM/Winbind) to give access to some other dervice, most notably here dovecot. When password expire (or users change it) the MUA try the old password some times, then ask for a new password; users cleraly get scared, press randomly 'OK' or 'Cancel', but if they press 2-3
2017 Nov 29
2
LDAP query and result: better field for username?
Currently for my user: root at vdmsv1:/etc/exim4# ldbsearch -H ldap://vdcsv1 -P -b DC=ad,DC=fvg,DC=lnf,DC=it "(cn=gaio)" | grep ": gaio$" cn: gaio name: gaio sAMAccountName: gaio uid: gaio msSFU30Name: gaio what field is betetr to use for querying for user 'gaio'? 'uid' no (because RFC2307 data can be missing), so? 'sAMAccountName'? or
2019 Dec 03
2
Account locked and delayed user data propagation...
Mandi! Rowland penny via samba In chel di` si favelave... I came back on this, because still some glitches happen. Yesterday I'm locked out. 'pdbedit -vL gaio' say me that account IS locked. But: > yes, Provided you use the right attribute to search on ;-) > Something like this will give you if/when the account was locked out: > ldbsearch -H
2017 Oct 27
2
Some hint reading password expiration data...
Mandi! Andrew Bartlett via samba In chel di` si favelave... > It is an operational attribute. simply add  > msDS-UserPasswordExpiryTimeComputed > to the list of attributes requested when searching for the user. root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=ad,dc=fvg,dc=lnf,dc=it" -s base "" maxPwdAge # record 1 dn:
2017 Oct 04
3
Listing user...
Mandi! Rowland Penny via samba In chel di` si favelave... > Why do you need a list of users ? Because?! ;-) I've coded some script in the past (eg, when i was using OpenLDAP and samba in NT mode) that do something on the behalf of the users, ad i was used to do a 'getent passwd' to have the list. > effect when 5.0.0 came out. I cannot see any of then being marked as >
2019 Dec 06
2
Account locked and delayed user data propagation...
Mandi! Rowland penny via samba In chel di` si favelave... > You cannot create an ldap filter using the above, you would have to filter > the result of the ldap search. I can confirm: root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b DC=ad,DC=fvg,DC=lnf,DC=it '(&(objectClass=user)(sAMAccountName=gaio))' msDS-User-Account-Control-Computed # record 1 dn:
2017 Oct 20
2
Some hint reading password expiration data...
In my current ''production'' NT-like domain (samba 4.2, OpenLDAP backend), password policies seems to ''get written'' to user data. EG, if i set: pdbedit -P "maximum password age" -C 7776000 and i change my password, 'Password must change' have a meningful value, eg 90 days more then the last password change: root at armitage:~# pdbedit -v
2018 Apr 20
4
access domain via ldap failed
Er,there it is. I want to use samba to build a domain. I want to join computers into this domain. And I need to access this domain to get sid of computers in the domain, using C# class DirectoryEntry as 'ldap://my domain info' in my another program. ---- On Fri, 20 Apr 2018 01:27:54,"Rowland Penny via samba" <samba at lists.samba.org> wrote: >On Fri, 20 Apr 2018
2018 Nov 29
2
Different LDAP query in different DC...
Mandi! Rowland Penny via samba In chel di` si favelave... > Whilst there are attributes that do not get replicated between DC's, > the majority are, so each DC should allow the same access. > Do you have access to the DC ? > Can you run the search locally ? Sure! As just stated, local access (via ldbsearch against the local SAM) works as expected: root at vdcpp1:~# ldbsearch
2020 Jan 07
2
Domain 'resync', DC with FSMO roles LDAP troubles...
Happy new year to all! Samba 4.9.17 on stretch, Louis package. On 22/12, at midnight, office closed, i suffered a network outgage that 'broke in two' my domain. On 23/12, at 14.00, network come back. After that, some scripts written around ldbsearch i run on DM (against vdcsv1 that is the DC with FSMO roles) start to complain: Failed to bind - LDAP client internal error:
2019 Jan 10
2
[Oddity] SAMAccountName and 20+ chars logins...
Hai Marco, What i did mean. You can have 255 chars in total with these limitation's Windows NT 4.0, Windows 95, Windows 98, and LAN Manager : 20 = sAMAccountName Windows 2000 and up : 256 chars = sAMAccountName at alias.domain.tld ( full distinguished name ) The SAM-Account-Name attribute (also known as the pre?Windows 2000 user logon name) is limited to 256 characters in the Active
2019 Nov 18
1
Account locked and delayed user data propagation...
Mandi! Rowland penny via samba In chel di` si favelave... > yes, Provided you use the right attribute to search on ;-) Ah! ;-) Just i'm here, i test three condition in account flags, eg: UAC=$(ldbsearch ${LDB_OPTS} -b "${BASEDN}" "(&(objectClass=user)(sAMAccountName=$1))" userAccountControl | grep "^userAccountControl: " | cut -d ' ' -f 2-)
2020 Oct 29
1
authenticate to samba using email address
Mandi! Rowland penny via samba In chel di` si favelave... > You are authenticating to AD, so you need to use information that AD > understands, its dns domain (not an email domain) and the users name, or the > Netbios domain\username. But UPN is written 'domainful', eg 'username at ad.domain.name': root at vdcsv1:~# ldbsearch -H /var/lib/samba/private/sam.ldb -b
2018 Nov 29
2
Different LDAP query in different DC...
Mandi! Rowland Penny via samba In chel di` si favelave... > > No. Anyway, note that query return correctly 'result: 0 Success', > > simply return no data. > That just means the search retuned without error Eh. Query succeded and return no data. Yes. > If you run the command: > ldapsearch -H ldap://vdcpp1.ad.fvg.lnf.it -W -D >